Sony suffers second major user data theft

NEW YORK (Reuters) - Sony disclosed on Monday hackers had stolen the names, addresses and passwords of nearly 25 million more users than previously known less than a day after the Japanese company apologized for one of the worst break-ins in Internet history.

Hostess Mindi Smith, dressed as EverQuest game character Firiona Vie, stands during the Electronic Entertainment Expo or E3 in Los Angeles June 2, 2009. REUTERS/Mario Anzuoni

Sony’s latest revelation comes after Sony No. 2 Kazuo Hirai announced measures had been put in place to avert another Playstation-type cyberattack, hoping to repair its tarnished image and reassure customers who might be pondering a shift to Microsoft’s Xbox.

The Japanese electronics company said it discovered the break-in of its Sony Online Entertainment PC games network also led to the theft of 10,700 direct debit records from customers in Austria, Germany, the Netherlands and Spain and 12,700 non-U.S. credit or debit card numbers.

The attack that Sony disclosed on Monday took place a day before a massive break-in of a separate video game network that led to the theft of 77 million users accounts. Sony revealed that attack last week.

The PlayStation network lets video game console owners download games and play against friends. The Sony Online Entertainment network, the victim of the latest break-in hosts games played over the Internet on PCs.

Sony said late Monday that the names, addresses, emails, birth dates phone numbers and other information from 24.6 million PC games customers was stolen from its servers as well as an “outdated database” from 2007.

A spokesman for the online games unit based in San Diego said the service was taken down at 1:30 am Pacific time on Monday.

The April incident has sparked legal action and investigations by authorities in North America and Europe, home to almost 90 percent of the users of the network, which enables gamers to download software and compete with other members.

On Monday, Sony declined to testify in person in front of a U.S. congressional hearing, but agreed to respond to questions on how consumer private data is protected by businesses in a letter on Tuesday, said a spokesman for Rep. Mary Bono Mack, a Republican Congresswoman from California, who is leading the hearing.

SONY FACEBOOK GAMES DOWN

The incident that Sony disclosed on Monday also forced it to suspend its Sony Online Entertainment games on Facebook.

Sony posted a message on Facebook saying it had to take down the games during the night.

A Sony spokesman said the Facebook games make money from microtransactions and the sale of virtual goods like costumes and weapons.

It was not immediately clear if the data theft included data from players of Sony games including “PoxNora,” “Dungeon Overlord,” “Wildlife Refuge” on Facebook.

Facebook could not immediately be reached for comment.

Sony Online Entertainment is a division of Sony Corp, the global electronics company that operates online games such as “EverQuest” and is separate from the PlayStation video game console division.

Sony denied on its official PlayStation blog on Monday that hackers had tried to sell it a list of millions of credit card numbers.

Related Coverage

The news comes less than a week after Sony alerted customers that a hacker broke into Sony’s PlayStation video game network and stole names, addresses, passwords and possibly credit card numbers of its 77 million customers.

Sony alerted customers a week after discovering the break-in.

Sony executives apologized on Sunday and said it would gradually restart the PlayStation Network with increased security and would offer some free content to users.

Additional reporting by Edwin Chan in Los Angeles and Alexei Oreskovic in San Francisco; editing by Andre Grenon and Richard Chang